3 Replies Latest reply on Oct 4, 2013 5:03 AM by Lucas Ponce

    Fine grained authorization within the content of portlet in a portlet application

    Deepak Sambrani Newbie

      Can anyone please guide me how to do fine grained authorization of the content of a portlet. I mean certain portions within the portlet should be visible to certain users/roles. I would like to have this authorization logic externalized rather than embed within portlet.

       

      Thanks in advance.

        • 1. Re: Fine grained authorization within the content of portlet in a portlet application
          Lucas Ponce Novice

          By default, GateIn Portal allows to define security by Portlet.

           

          Inside a portlet you need to invoke to Organization API to check wich user / role / membership you have and add your authorization logic inside your logic.

           

          For example:

           

          OrganizationService os = (OrganizationService)PortalContainer

                          .getInstance()

                          .getComponentInstanceOfType(OrganizationService.class);

           

               

                  try {

                      Collection groups = os.getGroupHandler().findGroupsOfUser(user);

                      for (Object o : groups) {

                          Group g = (Group)o;

                        

                              if (g.getId().equals("mygroup")) {

                                  try {

                                      Membership m = os.getMembershipHandler().findMembershipByUserGroupAndType(user, g.getId(), "mymembership");

                                      // Do something

                                  } catch (Exception e) {

                                      log.warning("Error querying user");

                                      e.printStackTrace();

                                  }

                              }

                          }

                     

          Hope this helps.

          • 2. Re: Fine grained authorization within the content of portlet in a portlet application
            Deepak Sambrani Newbie

            Thanks Lucas for your quick response...

                This way we will be embedding the authorization logic inside the Portal application. Is there any way we can externalize the authorization policies just the way we can do for the Web application using XACML/Authz ? In portlets we don't have the URLs.

            • 3. Re: Fine grained authorization within the content of portlet in a portlet application
              Lucas Ponce Novice

              Mmm I don't see a easy way to do it out-of-the-box, I'm not expert in security, but the Portlet 2.0 spec is limited about it.

              I think that you can handle your logic internally, or in other case, to build your own custom web filter in top of portal application to handle XACML/Authz tokens and authorization logic.

              Regards,

              Lucas